From a security/privacy standpoint, what would you lose

This is a bit of a fundamental question, but I’m trying to get a better understanding of the PureOS/coreboot advantage over other Linux distros on a Librem. For people who install other Linux distros, say Ubuntu for example, do they lose Coreboot as well?
Would they lose the function of the TPM or the disabling of the Intel ME, or are those inherent to the Librem platform?
Sorry if these seem noobish, I’ve been an Mac user forever. I mean former Mac user.

No they don’t, coreboot is at a lower level than the OS :slight_smile:

The IntelME has been neutralized and would still be even if you used another distribution. As for the TPM, I am not very familiar with Heads but according to this article from @Kyle_Rankin , in which he talks about Qubes, I believe Heads comes at a lower level too.

It is never stupid to ask when you are willing to learn :slight_smile:

1 Like

You keep Coreboot, no matter the operating system. TPM support should not require any particular OS, but it is early days. Updating these might be easier using PureOS, but likely not required. I keep a copy of PureOS installed on an external drive just for these low-level update cases though, just seems to easier when I need Support. I run Debian as my main OS.

If you go the Ubuntu route, you will move further from “free” as Ubuntu includes non-free drivers and other programs, by default. It also has somewhat of a history for you-got-opted-in privacy-related features that are difficult to disable (e.g. Amazon Lens). It may have learned its lesson, but we’ll see. That said, Ubuntu is fairly widespread and has great work otherwise and I end up using it often at my workplace and for many automatic deploys, like Mail-in-a-box.

For Purism hardware, however, freedom and privacy are sort of the point, so I wouldn’t install any non-free OS just out of principle. May as well buy any laptop if you’re not overly concerned with freedom and privacy. I would install Debian free-only (what I’m currently using), PureOS, or Trisquel. I’m not overly experienced with the other FSF approved options: Note that Debian is not on that list because of what I consider a minor reason: Debian gives the option to use, and will distribute non-free software if you ask it to, but it does not by default.

PureOS is what I’d recommend to most Purism hardware users, as you’ll get the best Support that way. And it seems to be a good OS. Basically, as I understand it, it’s Debian with lots of stuff installed and configured the Purism way, which includes a strong focus on freedom and privacy.

I use Debian because I’m pretty experienced with it and I can install just what I want instead of the most-everything-installed route of PureOS.

I wouldn’t recommend Trisquel for most users, even though “that’s what Stallman uses” :wink: just because Trisquel often lags way behind and that can be frustrating to new users just trying to get their footing.

Most of this post is my opinion, of course. There are some facts sprinkled throughout. :sunny:

1 Like

Thank you, that’s very helpful and it helps tie together what I’ve heard Todd say about security being a game of depth.
I love my Purism 15 and with KDE Plasma on top of PureOS, it has everything I need.

Plasma on PureOS sounds good, but what about Plasma on PureOS on Qubes?

Mind blown<
Well, I’m not sure I have the technical skill to pull that off yet, but yes, that would be a great setup